dokploy-deploy
Warn
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The documentation describes a 'Run Command' feature (in references/applications/advanced.mdx) that allows users to execute arbitrary shell commands directly within running containers.
- [COMMAND_EXECUTION]: The installation and setup scripts (found in references/getting-started/manual-installation.mdx) require root privileges and perform sensitive system operations such as initializing Docker Swarm and modifying network configurations.
- [COMMAND_EXECUTION]: The manual installation script in references/getting-started/manual-installation.mdx sets the /etc/dokploy directory to mode 777 (global read/write/execute), which is a security weakness allowing any local user to modify application configurations.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing software via remote scripts: `curl -sSL https://dokploy.com/install.sh | sh` and `curl -sSL https://get.docker.com | sh`. While these are from the vendor and Docker respectively, they bypass package manager verification.
- [SAFE]: Hardcoded connection strings identified by static analysis in references/databases/connection/ are verified as documentation placeholders (e.g., user:password) and do not represent a credential leak.
Audit Metadata